Carlsbad Municipal Schools experienced a cyber incident that surfaced Oct. 30, disrupting phones and internet before phased restoration in early November, according to district posts and meeting records.
ParentSquare messages reviewed by DysruptionHub show campus phones down Oct. 30 and a district note Oct. 31 acknowledging a “network security event” under investigation. Some campuses told families teachers lacked access to ParentSquare and email during recovery.
Parents in public threads said internet problems stretched close to three weeks and that communication shifted to paper notes and an in-person principals’ meeting. Several parents said they received few details about the cause, whether data was exposed, or which systems were affected. One parent said the first mention of a cyberattack came from a student. Classes were not canceled, parents said.
On Nov. 6, the district told families student Chromebooks were operating, internet service was being restored, and all Windows devices were collected for in-depth security checks. Families were urged to ignore rumors of months-long downtime.
On Nov. 10, the Carlsbad local of the National Education Association said its leaders had tried to reach Superintendent Gerry Washburn for an official statement and guidance for staff and parents. The union urged members not to log in to district programs on personal devices and linked to NEA-New Mexico cybersecurity guidance. In other public posts, members voiced frustration over the district’s lack of transparency.
The school board held a special meeting Nov. 14, moving “CMS Network Security and Operability” into executive session under the attorney-client exception, with possible action on “options for initiating litigation.” A recording posted online ends after the vote to enter the closed session.
Officials have not said what caused the disruption or whether any data was accessed. In a brief website note, the district said restoration work was time-consuming but necessary for long-term security and pledged full restoration.
The district did not respond to emails seeking comment by publication time.
Carlsbad Municipal Schools serves about 7,300 students across 14 schools in Eddy County.
Elsewhere in New Mexico, schools, government and state services have faced recent cyber disruptions: Gadsden ISD reported ransomware on Aug. 13, 2024, said no student or employee data was compromised, and moved to restore systems within days. Aztec Municipal Schools closed the week of Feb. 24, 2025, and reopened March 3 as the Interlock ransomware group claimed responsibility. Western New Mexico University endured roughly two weeks of outages in mid-April; reporting tied the attack to the Qilin group, and later university notices described sensitive employee data at risk. Taos County said a “sophisticated cyberattack” first detected June 5 limited or halted administration services while the Kairos group claimed theft of about 1.94 TB of county data. The Department of Game and Fish shut down online license card payments Aug. 29 after a bot attack and restored them Sept. 4, saying no customer data was exposed.
